nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html | Mailing List Third Party Advisory |
http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html | Mitigation Vendor Advisory |
http://secunia.com/advisories/55757 | Third Party Advisory |
http://secunia.com/advisories/55822 | Third Party Advisory |
http://secunia.com/advisories/55825 | Third Party Advisory |
http://www.debian.org/security/2012/dsa-2802 | Broken Link |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
10 Nov 2021, 15:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* |
Information
Published : 2013-11-23 18:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-4547
Mitre link : CVE-2013-4547
CVE.ORG link : CVE-2013-4547
JSON object : View
Products Affected
suse
- lifecycle_management_server
- studio_onsite
- webyast
opensuse
- opensuse
f5
- nginx
CWE
CWE-116
Improper Encoding or Escaping of Output